New module content (5)
mySCADA myPRO Manager Credential Harvester (CVE-2025-24865 and CVE-2025-22896)
Author: Michael Heinzl
Type: Auxiliary
Pull request: #19878 contributed by h4x-x0r
Path: admin/scada/mypro_mgr_creds
AttackerKB reference: CVE-2025-22896
Description: This module adds credential harvesting for MySCADA MyPro Manager using CVE-2025-24865 and CVE-2025-22896.
NetAlertX File Read Vulnerability
Authors: chebuya and msutovsky-r7
Type: Auxiliary
Pull request: #19881 contributed by msutovsky-r7
Path: scanner/http/netalertx_file_read
AttackerKB reference: CVE-2024-48766
Description: This adds an auxiliary module allowing arbitrary file read on vulnerable (CVE-2024-48766) NetAlertX targets.
SimpleHelp Path Traversal Vulnerability CVE-2024-57727
Authors: horizon3ai, imjdl, and jheysel-r7
Type: Auxiliary
Pull request: #19894 contributed by jheysel-r7
Path: scanner/http/simplehelp_toolbox_path_traversal
AttackerKB reference: CVE-2024-57727
Description: This adds an auxiliary module for SimpleHelp; the vulnerability (CVE-2024-57727) is a path traversal which allows arbitrary file read.
Invoice Ninja unauthenticated PHP Deserialization Vulnerability
Authors: Mickaël Benassouli, Rémi Matasse, and h00die-gr3y
Type: Exploit
Pull request: #19897 contributed by
metasploit
weekly